Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
German B2C and B2B e commerce platform from PowerGap GmbH that combines shop frontend, checkout, order management, multi channel fulfillment and payment processing for online retailers in the DACH region.
PowerGap is a German e commerce platform that integrates shop frontend, product catalogue, checkout, order management and multi channel fulfillment. It is widely used by B2C and B2B merchants in the DACH region who need a turnkey shop and operations stack hosted in Germany.
PowerGap sets first party session and cart cookies, processes customer accounts, billing and shipping addresses, order data, payment metadata and CRM information. Optional modules (recommendations, personalisation, analytics, marketing) can introduce additional cookies that fall under ePrivacy consent rules.
Strictly necessary shop cookies (session, cart, security) can be set without prior consent under Article 5(3) ePrivacy and § 25(2) TTDSG. Optional marketing, recommendation and analytics cookies are non essential and require an opt in compliant consent banner.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Operate the shop without consent for transactional functions; gate any optional module behind a consent manager. The banner must list PowerGap and its optional modules, allow rejection as easily as acceptance and store proof of consent.
PowerGap is hosted in Germany. Connected payment providers, marketing platforms or analytics tools may transfer data outside the EU under their own legal basis. Audit each integrated subprocessor and align retention with PSD2 and AMLD requirements for payment data.
Sign the DPA with PowerGap, list the platform and its subprocessors in your ROPA and privacy notice, configure a consent banner that gates optional modules, restrict admin access by role, define retention for orders and abandoned carts (commercial law typically requires 10 years for invoices), and run a DPIA when adding behavioural analytics or AI personalisation.
Websites using PowerGap must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is not normally required for a standard PowerGap shop. It becomes recommended when the platform is combined with behavioural analytics, AI personalisation, large scale profiling or sensitive product categories (medical devices, pharmacy, food supplements with health claims).
Sample consent text
We use PowerGap (PowerGap GmbH, Germany, EU hosting) to operate this online shop. Strictly necessary cookies enable cart, checkout and account features. With your consent we also use recommendation, personalisation and analytics modules that can set additional cookies.
Third-party domains contacted
powergap.decdn.powergap.destatic.powergap.deapi.powergap.deCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| powergap_session | http | Session | Identifies the user session, keeps the cart and login state on the merchant domain. |
| powergap_cart | http | 30 days | Persists the cart ID across visits. |
| powergap_csrf | http | Session | CSRF protection for forms and checkout actions. |
| powergap_locale | http | 1 year | Stores the language and country preference. |
| powergap_mkt | http | 90 days | Marketing cookie set when the optional newsletter / personalisation module is active; requires consent. |
PowerGap uses cookies for user preferences — inform visitors with a consent banner.
PowerGap sets first party cookies on the merchant domain for session (powergap_session), cart (powergap_cart), CSRF (powergap_csrf), language (powergap_locale) and an optional marketing cookie (powergap_mkt) used when the newsletter or personalisation module is active.
No for the strictly necessary shop functions. Yes for any optional module (marketing, personalisation, behavioural analytics) and for embedded third party services such as payment widgets or recommendation engines.
Article 6(1)(b) GDPR (contract performance) for orders, accounts and payment. Article 6(1)(a) (consent) for marketing personalisation and behavioural analytics. Article 6(1)(c) for invoicing and tax retention. Article 6(1)(f) for fraud prevention and IT security.
The platform itself is hosted in Germany. Optional integrations (payment, marketing, analytics) may transfer data outside the EU and must be assessed individually with SCCs and the EU US Data Privacy Framework where applicable.
Not for a standard PowerGap shop. A DPIA becomes recommended when you combine the suite with behavioural analytics, AI personalisation or sensitive product categories (medical devices, pharmacy, food supplements with health claims).
Sign the DPA with PowerGap, declare it in your ROPA, gate optional modules behind a consent banner, restrict admin access, set retention periods aligned with commercial and tax law, document subprocessors and run a DPIA before activating sensitive modules.
Comparable platforms include Shopware, Shopify, commercetools, OXID eShop, Magento (Adobe Commerce), Spryker, JTL Shop and Plentysystems. Each has a different hosting, consent and DPA profile.
Run a cookie scan of your live shop, list each PowerGap cookie and its purpose, declare PowerGap and its subprocessors in the privacy notice, document the EU hosting, link to PowerGap's privacy policy and refresh whenever you enable a new module.